
Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny


don


Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Jan 14, 2009 1:25 am

Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

This is the place to be following Part II of this webcast series that took place at 1:00 PM EST on Wednesday January 21, 2009:

Pen Testing Perfect Storm Pt. II: Anatomy of a Client-Side Mutiny


EH-Net members are invited to keep the conversation going with Kevin Johnson, Josh Wright and Ed Skoudis from InGuardians. These 3 security experts will be with us for about a week (depending on their time constraints) after each webcast to answer your questions. We will also post the links to webcasts as they become available.

If you are not an EH-Net Member, please register now to post questions.

Feel free to ask away...

Many thanks to SANS and Core Security for making this possible,
Don
EH-Net
Editor-in-Chief
CISSP, MCSE, CSTA, Security+ SME

RoleReversal


Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Jan 21, 2009 2:13 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Ed, Kevin & Josh,

Thanks for the talk, really enjoyed it.

I'm looking forward to getting the archived talk and presentation slides as there was far too much information to take in in one go (that isn't a criticism, please keep it up).

Can't wait for part 3

RR

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Wed Jan 21, 2009 2:33 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

It was a great talk as usual, enjoyed and learned a lot.

Thanks Guys

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

edskoudis

Newbie

Posts: 10

Joined: Tue Dec 18, 2007 6:26 am

Post Thu Jan 22, 2009 8:06 am

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

VJ and RR,

Thank you for your kind words.  Much appreciated.

We had a wonderful time on the webcast yesterday.  Thanks to everyone who took time out of their schedule to join us.

--Ed.

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Thu Jan 22, 2009 11:39 am

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

I would like to second Ed's thanks for the kind words and I am looking forward to the conversations starting here.

Kevin

mtgarden

Newbie

Posts: 14

Joined: Mon Feb 26, 2007 3:22 pm

Post Thu Jan 22, 2009 11:53 am

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Where would I find an older/vulnerable version of Joomla to test with w3af?  Setting up a VMWare environment: Debian etch LAMP to host Joomla and a Samurai machine as a pentesting environment.

Thanks.

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Jan 22, 2009 1:14 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

The day you stop learning is the day you start becoming obsolete.

mtgarden

Newbie

Posts: 14

Joined: Mon Feb 26, 2007 3:22 pm

Post Thu Jan 22, 2009 1:18 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Those are only patches to the current version. I wanted an install of an old code base.

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Thu Jan 22, 2009 2:59 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Ed / Don / Kevin

It would be really helpful if one of you guys would post all the links (tools) from the last slide on here.

Thanks
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Jan 22, 2009 3:11 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Whoops, sorry. I thought those were included.

Here's version history for 1.5, but I'm not seeing something similar for 1.0: http://docs.joomla.org/Joomla_1.5_version_history
The day you stop learning is the day you start becoming obsolete.

mtgarden

Newbie

Posts: 14

Joined: Mon Feb 26, 2007 3:22 pm

Post Thu Jan 22, 2009 3:22 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Thanks.

hendricm

Newbie

Posts: 2

Joined: Thu Jan 22, 2009 2:33 pm

Post Thu Jan 22, 2009 4:31 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Great presentation yesterday! I had one question: has the program AirCSRF, “Air-Sea-Surf”, by Garland Glessner, been released yet?

Thanks!

-Matt
CISSP, CCNA

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Fri Jan 23, 2009 8:52 am

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Now that we have received the archived webcast, here are the links to the tools and resources discussed in the webcast.

VistaRFMON and nm2lp - www.inguardians.com/tools

Vista Wireless Power Tools Paper - www.inguardians.com/pubs/articles.html

Nethelper - winunix.mkreddys.com

W3af - w3af.sourceforge.net

Samurai - samurai.inguardians.com

Thanks

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

edskoudis

Newbie

Posts: 10

Joined: Tue Dec 18, 2007 6:26 am

Post Fri Jan 23, 2009 12:40 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

Thanks, VJ, for posting those links... much appreciated.

We'll get answers to your other questions up (regarding old Joomla versions and AirCSRF availability) soon.

Thanks again to all--
--Ed.

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Fri Jan 23, 2009 1:21 pm

Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny

mtgarden wrote:
Where would I find an older/vulnerable version of Joomla to test with w3af? Setting up a VMWare environment: Debian etch LAMP to host Joomla and a Samurai machine as a pentesting environment.

Thanks.

Joomla 1.0 is available here:
http://joomlacode.org/gf/project/joomla ... ge_id=3365

You can then update to whatever version using the patches.

Kevin